[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: gpg/pgp noise

On Tue, 08 May 2012 14:53:30 +0300
Mika Suomalainen <mika.henrik.mainio@hotmail.com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 08.05.2012 14:45, Jochen Spieker kirjoitti:
> > Indulekha:
> >> 
> >> No, I think you may have an incorrect or incomplete
> >> configuration....
> > 
> > This is inline vs. MIME:
> > 
> > http://www.phildev.net/pgp/pgp_clear_vs_mime.html
> > 
> > J.
> 
> And that page forgets the problems in MIME.
> 
> PGP/MIME requires headers, message and the signature.asc to be
> verified. Some mailing list programs mess up with the headers and this
> way make PGP/MIME signatures unverifiable.

I'm no expert in all this, but can you explain and document what you
mean by the claim that "headers ... must be verified"? All emails have
their headers modified en route (e.g., "Received:" and "Delivered-To"
are added, as are all kinds of "X-stuff" ones). Does PGP/MIME really
protect all headers (beyond the MIME ones)? It really breaks if *any*
headers are modified? Please provide documentation.

http://www.ietf.org/rfc/rfc1847.txt
http://www.imc.org/ietf-openpgp/mail-archive/msg01938.html

This stuff is old, but do you have anything more current?

Celejar
Reply to: